@@ -4379,24 +4379,18 @@ static void mlkem_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o)
43794379 */
43804380static void mlkem_get_noise_x3_eta3_aarch64 (byte * rand , byte * seed , byte o )
43814381{
4382- word64 state [3 * 25 ];
4383-
4384- state [0 * 25 + 4 ] = 0x1f00 + 0 + o ;
4385- state [1 * 25 + 4 ] = 0x1f00 + 1 + o ;
4386- state [2 * 25 + 4 ] = 0x1f00 + 2 + o ;
4387-
4388- mlkem_shake256_blocksx3_seed_neon (state , seed );
4389- XMEMCPY (rand + 0 * ETA3_RAND_SIZE , state + 0 * 25 , SHA3_256_BYTES );
4390- XMEMCPY (rand + 1 * ETA3_RAND_SIZE , state + 1 * 25 , SHA3_256_BYTES );
4391- XMEMCPY (rand + 2 * ETA3_RAND_SIZE , state + 2 * 25 , SHA3_256_BYTES );
4392- mlkem_sha3_blocksx3_neon (state );
4393- rand += SHA3_256_BYTES ;
4394- XMEMCPY (rand + 0 * ETA3_RAND_SIZE , state + 0 * 25 ,
4395- ETA3_RAND_SIZE - SHA3_256_BYTES );
4396- XMEMCPY (rand + 1 * ETA3_RAND_SIZE , state + 1 * 25 ,
4397- ETA3_RAND_SIZE - SHA3_256_BYTES );
4398- XMEMCPY (rand + 2 * ETA3_RAND_SIZE , state + 2 * 25 ,
4399- ETA3_RAND_SIZE - SHA3_256_BYTES );
4382+ word64 state [30 ];
4383+ byte i ;
4384+
4385+ for (i = 0 ; i < 3 ; i ++ ) {
4386+ state [4 ] = 0x1f00 + i + o ;
4387+ mlkem_shake256_blocksx3_seed_neon (state , seed );
4388+ XMEMCPY (rand + i * ETA3_RAND_SIZE , state , SHA3_256_BYTES );
4389+ mlkem_sha3_blocksx3_neon (state );
4390+ rand += SHA3_256_BYTES ;
4391+ XMEMCPY (rand + i * ETA3_RAND_SIZE , state ,
4392+ ETA3_RAND_SIZE - SHA3_256_BYTES );
4393+ }
44004394}
44014395
44024396/* Get the noise/error by calculating random bytes.
0 commit comments